Hi
A very good day to you. We have this urgent requirement; if you are interested, please send me your resume along with the rate you are looking for.
PLEASE REPLY TO Ajit.Deshpande@damcosoft.com
Title: Security Analyst
Located: San Francisco CA
Duration: 8 months
Information Security Vendor Risk Assessment
The key responsibilities of the Vendor Information Security Risk Consultant will include, but not be limited to:
• Conducting vendor due diligence, participate in follow-up activities with vendors and identify risks as they relate to vendor's information security practices
• Conducting product and service risk assessments and determine inherent information security risk for vendor relationships
• Implementing and executing the Vendor Incident Response Process for Information Security Vulnerabilities when required
• Providing written observations to Business about findings, control deficiencies, gaps, etc. identified during the Due Diligence exercise and related guidance about required remediation
• Drafting language for Business should they want to consider leveraging the Risk Acceptance Process
• Support requests for review of contract language in vendor agreements
• Identify policy, process and system issues and propose enhancements as appropriate
• Build and maintain strong working relationships with Vendor Risk Administration, Vendor Relationship Managers, Contract Managers and other stakeholders within the company
Technical Skills
• Fundamental understanding of Information Security Risk assessment and analysis methodologies
o A solid understanding of information security practices and activities and the risk associated with them
o Ability to analyze Information Security Risks and Controls including identification of mitigating controls
o Some knowledge of Information security industry standards (e.g., ISO 27000 series, NIST, PCI)
o Risk quantification, risk recording and risk reporting
• Basic knowledge of Regulatory Requirements pertaining to Vendor Relationships
• Project management techniques
• Experience working with Excel and Microsoft SharePoint
Required Soft Skills
• Ability to work successfully in a very fast paced and changing environment
• Flexibility to work in varying business functions and capabilities
• Proven ability to learn quickly and work independently and as a team member
• Strong organization skills and ability to prioritize multiple demands in order of sense of urgency
• Good communication (written and oral) and interpersonal skills
• Ability to address challenges with minimal supervision, when required
• Willingness to collaborate across the organization
• Proactive mindset and behaviors
Experience
• 3-5 years of experience in information security
• Financial Services experience, with Top 10 banking preferred
• Experience in either Information Technology/business management or Information Technology audit/compliance preferred, including
o Executing Risk Assessments related to information security practices and summarizing observations related to findings, control deficiencies, gaps, etc. identified during the Due Diligence exercise and related guidance about required remediation
o Understanding of variation in Due Diligence required as it relates to Vendor Information Security and the service the Vendor is providing (SSAE16, Network Diagrams, Information Security Policies, User Provisioning, Information Classification Levels, PCI, Industry Self-Assessments, Internet Service Provider Hosting or Processing Data, Cloud Provider)
o Ensuring that the documented information security practices are effective and are being applied
o Recommending Risk Mitigation techniques based on the business needs of the enterprise
o Implementing and managing a short-term Incident Management information gathering or similar process and reporting results on a periodic basis (e.g. utilizing a SharePoint Survey to collect information and report results in a meaningful manner)
Educational Requirements
• Bachelor's Degree with some coursework in Information Technology
• At least 1 Information Security Certification (e.g. CISSP, CRISC, CISM, CISA, etc.)
Regards
Ajit Deshpande
Resource Manager
+1 631-759-8044 Ext: 404 (O)
+1 347-826-3427 (F)
E: Ajit.Deshpande@damcosoft.com
NY Office: 112 W 34th St, 18th Floor, New York, NY 10120
NJ Office: 894 Green Street, Suite B, Iselin, NJ 08830
Corporate: www.damcosoft.com
--
Request: Please do not send any messages to this group which are not related to IT staffing.
You received this message because you are subscribed to the Google
Groups "Technical Recruiters" group.
To post to this group, send email to
technical-recruiters@googlegroups.com
To unsubscribe from this group, send email to
technical-recruiters+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/technical-recruiters?hl=en?hl=en